akito2000
New Member
October 28, 2015
Question

FSSO Polling but doesn't work on Policy


I am working on setting up FSSO via the direct polling method on our 500D (v5.2.4,build688) firewall. I have created LDAP connections and Single Sign-On profiles for each AD server (4 in total), all polling the same group. I then created a user group for the FSSO binding. This pulls in user login/logoff info, and I can see it constantly streaming through the user event log for all AD servers; however, when I add the user group to our outgoing policy (as the cookbook says, see link below), I can no longer access the internet. Why is FSSO pulling but not letting me authenticate to the policy? I can provide any further info needed.

 

http://cookbook.fortinet.com/fsso-polling-mode/ 

 

    1 reply

    Ralph1973
    New Member
    November 2, 2015

    Hi, be aware that FortiGate first checks for 'normal' policies in its rulebase and then the identity-based policies.

    When you have an explicit deny configured, that rule is hit!

    Check for policy processing via the diag deb flow filter tool.

     

    Kind regards,

    Ralph Willemsen
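
The check suggested in the reply above, as an added example that is not part of the original thread: a small Python parser that reads captured debug flow trace text and reports which policy ID allowed or denied each traced packet, so an explicit deny rule matching before the FSSO policy stands out. The sample lines are constructed, and their field layout is an assumption modeled on debug flow trace output that can differ between FortiOS builds.

```python
import re

# Constructed sample lines, modeled on debug flow trace output.
# The exact field layout is an assumption and can differ between FortiOS builds.
SAMPLE_TRACE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=4378 msg="vd-root received a packet(proto=6, 10.1.1.50:51234->203.0.113.10:443) from port2. flag [S], seq 1000, ack 0, win 8192"
id=20085 trace_id=1 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 7)"
id=20085 trace_id=2 func=print_pkt_detail line=4378 msg="vd-root received a packet(proto=6, 10.1.1.60:51300->203.0.113.10:443) from port2. flag [S], seq 2000, ack 0, win 8192"
id=20085 trace_id=2 func=fw_forward_handler line=717 msg="Allowed by Policy-12: SNAT"
id=20085 trace_id=3 func=print_pkt_detail line=4378 msg="vd-root received a packet(proto=17, 10.1.1.70:5353->203.0.113.53:53) from port2."
id=20085 trace_id=3 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 0)"
'''

LINE = re.compile(r'trace_id=(\d+) .*?msg="(.*)"')
PACKET = re.compile(r'received a packet\(proto=(\d+), (\S+?)->(\S+?)\) from (\S+?)\.')
DENIED = re.compile(r'Denied by forward policy check \(policy (\d+)\)')
ALLOWED = re.compile(r'Allowed by Policy-(\d+)')

def summarize(trace_text):
    """Return {trace_id: {...}} with the packet tuple and the policy that decided it."""
    traces = {}
    for raw in trace_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip anything that is not a trace line
        entry = traces.setdefault(int(m.group(1)), {"verdict": "undecided", "policy": None})
        msg = m.group(2)
        if (p := PACKET.search(msg)):
            entry.update(proto=int(p.group(1)), src=p.group(2), dst=p.group(3), in_if=p.group(4))
        elif (d := DENIED.search(msg)):
            entry.update(verdict="deny", policy=int(d.group(1)))
        elif (a := ALLOWED.search(msg)):
            entry.update(verdict="allow", policy=int(a.group(1)))
    return traces

def denied_by(traces):
    """Group denied source endpoints by the policy ID that dropped them (0 = implicit deny)."""
    out = {}
    for t in traces.values():
        if t["verdict"] == "deny":
            out.setdefault(t["policy"], []).append(t.get("src"))
    return out

if __name__ == "__main__":
    for tid, t in sorted(summarize(SAMPLE_TRACE).items()):
        print(tid, t.get("src"), "->", t.get("dst"), t["verdict"], "policy", t["policy"])
```

A deny attributed to a non-zero policy ID points at an explicit rule positioned ahead of the FSSO group policy; policy 0 means no rule matched at all.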